Here we will use Wazuh's log collection and analysis capabilities to meet the following PCI DSS controls:

10.2.4: Invalid logical access attempts.

10.2.5: Use of and changes to identification and authentication mechanisms —including but not limited to creation of new accounts and escalation of privileges— and all changes, additions, or deletions to accounts with root or administrative privileges.

Using the sudo log analysis decoder and rules, Wazuh generates an alert for this particular action and writes it to alerts.log. The group tags on the matching rule show which PCI DSS requirements this alert maps to.
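As an added example (not part of Wazuh's documentation or code), the following script reads the JSON form of the alert file (alerts.json, which carries the same rule fields as alerts.log) and uses the rule's pci_dss tags to count alerts per requirement and to flag repeated invalid access attempts (10.2.4) by the same user on the same host. The sample alerts, rule ids, hosts and users are constructed; the field names follow Wazuh's alert format and its sudo decoder.

```python
import json
from collections import Counter

# Constructed sample in the shape of Wazuh's alerts.json (one alert per line).
# Rule ids, hosts, users, commands and timestamps are sample values; the
# pci_dss tags are the requirement tags the page discusses.
SAMPLE_ALERTS = r"""
{"timestamp":"2024-01-10T09:12:01.000+0000","rule":{"id":"5401","level":5,"description":"Failed attempt to run sudo.","groups":["syslog","sudo"],"pci_dss":["10.2.4","10.2.5"]},"agent":{"name":"web01"},"data":{"srcuser":"alice","command":"/bin/systemctl restart nginx"},"full_log":"Jan 10 09:12:01 web01 sudo: alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx"}
{"timestamp":"2024-01-10T09:12:20.000+0000","rule":{"id":"5401","level":5,"description":"Failed attempt to run sudo.","groups":["syslog","sudo"],"pci_dss":["10.2.4","10.2.5"]},"agent":{"name":"web01"},"data":{"srcuser":"alice","command":"/bin/systemctl restart nginx"},"full_log":"Jan 10 09:12:20 web01 sudo: alice : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx"}
{"timestamp":"2024-01-10T09:13:05.000+0000","rule":{"id":"5402","level":3,"description":"Successful sudo to ROOT executed.","groups":["syslog","sudo"],"pci_dss":["10.2.5","10.2.2"]},"agent":{"name":"web01"},"data":{"srcuser":"bob","command":"/usr/bin/apt-get update"},"full_log":"Jan 10 09:13:05 web01 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt-get update"}
{"timestamp":"2024-01-10T09:14:00.000+0000","rule":{"id":"1002","level":2,"description":"Unknown problem somewhere in the system.","groups":["syslog","errors"]},"agent":{"name":"web01"},"full_log":"Jan 10 09:14:00 web01 kernel: device reported an error"}
"""


def parse_alerts(text):
    """Parse alerts.json-style input, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated or partially written line is ignored, not fatal
    return alerts


def pci_tags(alert):
    """PCI DSS requirement tags attached to the alert's rule ([] if the rule has none)."""
    return list(alert.get("rule", {}).get("pci_dss", []))


def alerts_for_requirement(alerts, requirement):
    """All alerts whose rule is tagged with the given requirement, e.g. "10.2.4"."""
    return [a for a in alerts if requirement in pci_tags(a)]


def summarize_by_requirement(alerts):
    """Number of alerts per PCI DSS requirement tag (an alert counts once per tag)."""
    counts = Counter()
    for a in alerts:
        counts.update(pci_tags(a))
    return dict(counts)


def invalid_access_by_user(alerts, threshold=2):
    """10.2.4: (host, user) pairs with at least `threshold` invalid access alerts."""
    per_user = Counter()
    for a in alerts_for_requirement(alerts, "10.2.4"):
        key = (a.get("agent", {}).get("name", "?"), a.get("data", {}).get("srcuser", "?"))
        per_user[key] += 1
    return {key: n for key, n in per_user.items() if n >= threshold}
```

On a live manager the same functions can be fed the contents of /var/ossec/logs/alerts/alerts.json instead of the constructed sample.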

Kibana displays information in an organized way, allowing filtering by different types of alert fields, including compliance controls. We have also developed a couple of PCI DSS dashboards for convenient viewing of relevant alerts.